The Honeynet Project - Tallinn Manual
http://honeynet.org/taxonomy/term/309/0

Hide and go seek, not hide and go tweak
http://honeynet.org/node/1076
<p>On July 31, 2013, <a href="http://www.blackhat.com/us-13/briefings.html#Geffner2">Jason Geffner of CrowdStrike discussed a new tool called "Tortilla"</a> that allows incident responders and computer security researchers to hide behind the Tor network as they poke and prod malicious software infrastructure. Were I there, I would have asked Jason this question: What things should I <em>not do</em> while using Tortilla, and <em>why</em> shouldn't I do them? I know Jason and respect his technical skills, but if he and CrowdStrike don't have a good answer, that will say a lot about our field's collective ability to reason about actions along the Active Response Continuum. [D. Dittrich and K. E. Himma. Active Response to Computer Intrusions. Chapter 182 in Vol. III, Handbook of Information Security, 2005. <a href="http://ssrn.com/abstract=790585">http://ssrn.com/abstract=790585</a>.]</p>
<p><a href="http://honeynet.org/node/1076" target="_blank">read more</a></p>
Tags: Active Response Continuum, ethics, humanitarian law, improper ruse, law of war, Tallinn Manual
Wed, 31 Jul 2013 21:59:48 +0000, david.dittrich